Data Protection Consultancy Services
Data Sharing Across the Borough
We were approached by a Council to provide some specific GDPR consultancy services to assist them with the second phase of their GDPR project.
Due to the nature of the two individual projects we were able to offer the council a fixed rate for the duration of the project which consisted of multiple outcomes from each individual project.
This outcomes-based proposal fitted the council’s model as they had a fixed budget for the project.
Project 1 consisted of a number of deliverables relating to CCTV, how it is processed, stored, how data subjects are informed and how it’s shared.
Project 2 consisted of understanding the data that is shared across the council, pulling this information from their Information Asset Registers, and compiling a comprehensive gap analysis and risk assessment approach to data sharing, so they can review third parties and put in place appropriate safeguards.
Following two days onsite engaging with key stakeholders, we developed a tailored CCTV Policy and provided a detailed overview and gap analysis of CCTV processes and Data Sharing Agreements across the organisation.
We were able to advise on remediations to mitigate the risks that were highlighted as a result of the project.
We delivered the following for the council over the course of the project:
Provide a complete CCTV policy incorporating GDPR, Data Protection Act 2018 and Surveillance Code of Practice/ Protection of Freedoms Act 2012 requirements.
- Compile a comprehensive list of CCTV installations across the council.
- Analysis of Individual Rights and Data Subject Access Requests policies and processes in relation to CCTV.
- Review the storage and retention periods of CCTV to ensure compliance.
- Highlight any contracts that need to be reviewed in light of GDPR.
- Prepare a Data Protection Impact Assessment that can be used throughout the organisation can use as a template before they procure or use CCTV.
- Identify in a gap analysis any further work that needs to be completed to ensure compliance to the legislation.
- Create a list of suppliers from Information Asset Registers documenting whether data sharing agreements are (a) in place, (b) not in place, or (c) if the asset owner is unsure.
- Provide a gap analysis highlighting areas of risk where data is exposed due to no data sharing agreements in place.
The project was delivered over 23 days, with 2 of those days onsite, and the rest offsite.